diff --git a/apps/base/goharbor/kustomization.yaml b/apps/base/goharbor/kustomization.yaml
index bc535bd42780c60d5d2f6028293b486aa40506d6..ae068bbaae7863f44c7b94bdf8bdcc5142b12c5a 100644
--- a/apps/base/goharbor/kustomization.yaml
+++ b/apps/base/goharbor/kustomization.yaml
@@ -5,4 +5,6 @@ resources:
   - namespace.yaml
   - repository.yaml
   - release.yaml
+  - ../../../shared/networkpolicies/allow-from-ingress.yaml
+patchesStrategicMerge:
   - networkpolicy.yaml
diff --git a/apps/base/goharbor/networkpolicy.yaml b/apps/base/goharbor/networkpolicy.yaml
index 80ce4e2943a622dad1a8cff034081621f6a89cd1..4acedd3fa44d66115cad32d45c5005b76ccfc3f1 100644
--- a/apps/base/goharbor/networkpolicy.yaml
+++ b/apps/base/goharbor/networkpolicy.yaml
@@ -7,8 +7,3 @@ spec:
   podSelector:
     matchLabels:
       app: harbor
-  ingress:
-  - from:
-    - namespaceSelector:
-        matchLabels:
-          ingress.shivering-isles.com/network-access-required: "true"
diff --git a/shared/networkpolicies/allow-from-ingress.yaml b/shared/networkpolicies/allow-from-ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b589ded463e65a8ef395651ead834cdf315b41c8
--- /dev/null
+++ b/shared/networkpolicies/allow-from-ingress.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-ingress
+spec:
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          ingress.shivering-isles.com/network-access-required: "true"